Can I set permissions for plugins by user role? (Vanilla 2.1 stable) SOLVED

whu606

Using Vanilla 2.1 stable.

I've had a look on here and on the wiki, but haven't found what I am looking for. (I may just have missed it.)

I see that plugins can check user permissions, and show based on that.

Is there a way to do this simply based on a user's role? That is, to check for a specific role, and allow the user access only if they are in that role?

Thanks for any help.

R_J

I've written a plugin that displays different themes based on users role. I think that will be a good starting point: https://github.com/R-J/RolebasedTheme/blob/master/class.rolebasedtheme.plugin.php

R_J

... but you have to think about users with more than one role, which is not very clean but since it is possible it might happen.

whu606

@R_J‌

Thanks very much. I'll have a shufti at that.

x00

This is backwards.

Roles are assigned permissions. Permissions determine access not roles.

Roles are how you assign different sets of permissions to different users.

Yes you can do it, it but is is not vanilla.

x00

In other words if you want to check if someone should be able to do something, you should check permissions not roles. Role, is to assign those permission to the user, and with multiple roles, the permissions are additive.

whu606

@x00‌

Thanks for that.

I guess what I should be asking then is

is there documentation/guidance on creating a custom permission to assign to users?

hgtonight

I can't see a use case for this, but you can definitely do it!

public function CheckForRole($ID = -1, $Name = '') {
  if((!is_numeric($ID) || $ID < 0) && $Name == '') {
    return FALSE;
  }
  $Session = Gdn::Session();
  $Ref = ($ID > 0) ? $ID : $Name;
  $RoleModel = new RoleModel();
  $Dataset = $RoleModel->GetByUserID($Session->UserID)->Result(DATASET_TYPE_ARRAY);
  $Roles = ConsolidateArrayValuesByKey($Dataset, 'RoleID', 'Name');

  if(array_key_exists($Ref, $Roles)) {
    return TRUE;
  }
  else {
    foreach($Roles as $ID => $Title) {
      if(strcasecmp($Title, $Ref) == 0) {
        return TRUE;
      }
    }
  }

  return FALSE;
}

EDIT - Cross post. I thought it was an interesting problem, if not a little useless.

whu606

@hgtonight‌

Thanks very much for the input and example (and the knowledgeable discouragement!).

The situation is that I would like to limit the use of a plugin to a specified group of users, rather than allow it to be used by the whole forum.

From x00's input, I realise I should be asking how to set up a new permission via the plugin, so I end up with something like

(Gdn::Session()->CheckPermission('Plugins.Pluginname.Permission'))

x00

In plugin you can set new permissions in the RegisterPermissions part of the $PluginInfo, then you can use

Gdn::Session()->CheckPermission('YourPermission') or even just CheckPermission('YourPermission')

to automatically deny from that point on Gdn::Controller()->Permission('YourPermission') (often used at the top of hooks).

Note the dot syntax will influence how it will be displayed in the permissions groups under roles, and what it is grouped with

Common convention for naming a permission for a particular plugin would be Plugins.PluginName.SomeFacility

it really depends on the nature of the permission how you wan to group it with.

Then after that is all set up you assign the permission to the roles.

whu606

@x00‌

Thank you so much for taking the trouble to help out.

That seems to be exactly what I needed to know.

Will have a fiddle and report back!

hgtonight

No worries!

You can register permissions automatically on plugin enable by adding 'RegisterPermissions' => array('AnyName.You.Want' => 1, 'Plugins.PluginName.PermType' => 0), to your plugin info array.

You can use any key you want but the general idea is to namespace them with a dot notation. For example, DiscussionPolls uses the following value:

'RegisterPermissions' => array('Plugins.DiscussionPolls.Add', 'Plugins.DiscussionPolls.View', 'Plugins.DiscussionPolls.Vote', 'Plugins.DiscussionPolls.Manage')

This keeps all the plugins permissions in the same block and uses the 'standard' permissions. You notice that you don't have to assign a value to the new permissions. Assigning bool value will default it to on/off.

EDIT: Cross-post AGAIN!

x00

I clarified some of the language in my reply.

Linc

Great topic & info, guys. Made a note to make this a developer doc.

peregrine

whu606

any plugin that you have added to you setup that has an individual plugin setting in dashboard does essentially this.

to name a couple examples of plugins.

FileUpload
MembershipEnh

x00

yep, I actually looked there first before making a reply, as it is no point repeating it, if I can link.

@Lincoln is everything from the old docs now covered in the new docs? Because I had to go to he old docs explicitly, as the link has changed.

whu606

@x00 to the rescue once again.

That did exactly what I was hoping it would.

Thanks again for the help.

Linc

Yes, I copy/pasted any old docs that were still relevant into the new docs and will be revising them as soon as possible. The old docs site will be going offline as soon as I can get 301s set up.

whu606

Thanks to everyone for their help.

@Peregrine, I did look at a couple of plugins which I knew had permissions options in the dashboard, but hadn't realised it was as straightforward as declaring a permission via Register Permissions.

whu606

I've edited the title a bit to reflect the question I should have asked...

Linc

Ah, but the original was still a question others will ask and need to learn they are likewise asking the wrong question I did it myself when I was getting started.